
How To Manage Log Files Using Logrotate In Linux

Setup And Manage Log Rotation With Logrotate In Linux

By sk

We have already published a guide that describes how to set up a centralized Rsyslog server on a CentOS system. In this guide, we discuss what Logrotate is, how to install it, and how to manage log files with Logrotate on Linux.

What is Logrotate?

As its name implies, Logrotate rotates logs out of your system at regular intervals. It also allows automatic rotation, compression, removal, and mailing of log files.

The logrotate utility can handle each log file hourly, daily, weekly, monthly, or when the log file reaches a certain size.

The logrotate utility simplifies the administration of log files, and is especially useful on systems that produce a large volume of log files every day.

Install Logrotate in Linux

Logrotate is available in the default repositories of most Linux distributions.

To install logrotate in Alpine Linux, run:

$ sudo apk add logrotate

To install logrotate in Arch Linux and its variants such as EndeavourOS and Manjaro Linux, run the following command:

$ sudo pacman -S logrotate

To install logrotate in RPM based systems such as Fedora, RHEL, CentOS, CentOS Stream, AlmaLinux and Rocky Linux, run:

$ sudo dnf install logrotate

On older RHEL, CentOS systems, use yum instead of dnf to install logrotate.

$ sudo yum install logrotate

To install logrotate in Debian, Ubuntu and Ubuntu derivatives such as Elementary OS, Linux Mint, and Pop!_OS, run the following command:

$ sudo apt install logrotate

Logrotate can be installed on SUSE and openSUSE systems using the following command:

$ sudo zypper install logrotate

Compile and Install Logrotate from Source

Make sure you have installed the development tools on your Linux system. Refer to the following link to learn how to install development tools in various Linux distributions.

How To Install Development Tools In Linux

Download the latest logrotate tarball from the releases page. At the time of writing this guide, the latest version was 3.21.0. Let us download it into the current directory using wget:

$ wget https://github.com/logrotate/logrotate/releases/download/3.21.0/logrotate-3.21.0.tar.gz

Let us extract the downloaded tarball:

$ tar xvzf logrotate-3.21.0.tar.gz

This will extract the contents of the tarball into a directory named logrotate-3.21.0. Change into that directory:

$ cd logrotate-3.21.0

Next, run the following command:

$ ./configure

If you encounter the following error:

configure: error: libpopt required but not found

Install libpopt-dev in Debian-based systems:

$ sudo apt install libpopt-dev

In RPM-based systems, install the popt-devel package:

$ sudo dnf install popt-devel

And then, re-run the ./configure command.

$ ./configure

Finally, build and install logrotate using the commands:

$ make
$ sudo make install

Manage Log Files using Logrotate

The main configuration file of Logrotate is /etc/logrotate.conf.

Here are the default contents of this file on my Fedora Linux system.

# see "man logrotate" for details

# global options do not affect preceding include directives

# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# system-specific logs may also be configured here.

The output might look a bit different on other Linux distributions. For example, the logrotate.conf file on my old Arch Linux box has different contents.

$ cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# restrict maximum size of log files
#size 20M

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# Logs are moved into directory for rotation
# olddir /var/log/archive

# Ignore pacman saved files
tabooext + .pacorig .pacnew .pacsave

# Arch packages drop log rotation information into this directory
include /etc/logrotate.d

/var/log/wtmp {
 monthly
 create 0664 root utmp
 minsize 1M
 rotate 1
}

/var/log/btmp {
 missingok
 monthly
 create 0600 root utmp
 rotate 1
}

Let us see what each option does in the above configuration file.

  • weekly - Rotates the logs every week.
  • rotate 4 - Keeps four rotated log files, which with weekly rotation is four weeks (about one month) worth of logs. Since older log files are removed after that period, you might need to keep a backup of important log files if you don't want to lose them.
  • size 20M - Rotates the log files once they reach a size of 20MB. By default, this option is disabled. To enable it, just uncomment it.
  • create - Creates new, empty log files after rotating the old ones. This option is enabled by default.
  • compress - Compresses the rotated log files. Logs are not compressed by default. If you want to compress the logs, uncomment this line.
  • /etc/logrotate.d/ - This directory contains application-specific log rules files.
  • missingok - If the log file is missing, Logrotate will go on to the next one without issuing an error message.

Logrotate segments the log files and compresses them based on the rules specified under the /etc/logrotate.d/ directory.

Let us take a look at this directory contents.

$ ls /etc/logrotate.d/

Sample Output:

bootlog  chrony  firewalld  httpd        libvirtd       numad  psacct  sssd            wtmp
btmp     dnf     glusterfs  iscsiuiolog  libvirtd.qemu  ppp    samba   wpa_supplicant

As you can see in the above output, it contains rules files for the logs managed by Logrotate.

To view a specific application's log rule, for example samba, run:

$ cat /etc/logrotate.d/samba

Sample Output:

/var/log/samba/log.smbd /var/log/samba/log.nmbd /var/log/samba/*.log {
 notifempty
 missingok
 sharedscripts
 copytruncate
 postrotate
 /bin/kill -HUP `cat /var/run/samba/*.pid 2>/dev/null` 2>/dev/null || true
 endscript
}

Here,

  • notifempty - The log file will not be rotated if it is empty.
  • copytruncate - Truncates the original log file in place after creating a copy.
  • sharedscripts - The scripts are run only once, no matter how many logs match the wildcard pattern.
  • postrotate/endscript - The lines between postrotate and endscript are executed after the log file is rotated.

You can also create your own rules files in the /etc/logrotate.d/ directory and define your own rules.
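
When you write your own rules, the mode given to the create option decides who can read or modify the fresh log file. The following is an added example, not part of the original article: a constructed rules file for a hypothetical application "myapp" with a weak create mode next to a corrected one, and a small check that reports create modes granting access to all users. The paths, the adm group and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. "myapp", its paths and the
# adm group are assumptions; the rule text below is constructed.
sample_rules() {
    cat <<'EOF'
# weak: the new log grants read and write to every local user
/var/log/myapp/debug.log {
    weekly
    rotate 4
    missingok
    create 0666 root root
}
# corrected: owner read/write, group read, no access for others
/var/log/myapp/access.log /var/log/myapp/error.log {
    weekly
    rotate 4
    compress
    missingok
    notifempty
    create 0640 root adm
}
EOF
}

# check_create_modes: rule text on stdin; prints one line per create
# directive whose mode grants access to "other" (the last octal digit).
check_create_modes() {
    awk '
    { sub(/#.*/, "") }                                   # drop comments
    $NF == "{" { logs = $0; sub(/[ \t]*[{][ \t]*$/, "", logs); next }
    $1 == "}"  { logs = ""; next }
    $1 == "create" && $2 ~ /^[0-7][0-7][0-7][0-7]?$/ {
        other = substr($2, length($2)) + 0
        why = ""
        if (other >= 4)         why = "world-readable"
        if (int(other / 2) % 2) why = "world-writable"
        if (why != "")
            printf "%s: create %s (%s)\n", (logs == "" ? "global" : logs), $2, why
    }'
}

# Demo on the constructed rules above.
sample_rules | check_create_modes
```

To check the rules on a real system, run: cat /etc/logrotate.conf /etc/logrotate.d/* | check_create_modes. Some files, such as wtmp, are commonly left world-readable on purpose, so treat the output as a list to review.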

Cron Configuration

Cron runs the logrotate utility daily in search of log files to rotate. The /etc/cron.daily/logrotate script starts log rotation automatically, so no manual user intervention is needed.

$ cat /etc/cron.daily/logrotate 
#!/bin/sh

# skip in favour of systemd timer
if [ -d /run/systemd/system ]; then
    exit 0
fi

# this cronjob persists removals (but not purges)
if [ ! -x /usr/sbin/logrotate ]; then
    exit 0
fi

/usr/sbin/logrotate /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit $EXITVALUE

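It will perform the log rotation every single day at a specific time. Note the first check in the script: on a system running systemd, the cron job exits immediately and rotation is left to the systemd timer.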

Check Logrotate Status

To verify whether the log files are being rotated, check the logrotate.status file:

$ sudo cat /var/lib/logrotate/logrotate.status 

Sample Output:

logrotate state -- version 2
"/var/log/glusterfs/snaps/*/*.log" 2022-11-29-14:0:0
"/var/log/firewalld" 2022-11-29-14:0:0
"/var/log/boot.log" 2023-4-7-16:10:29
"/var/log/hawkey.log" 2023-4-7-16:10:29
"/var/log/glusterfs/*.log" 2022-11-29-14:0:0
"/var/log/httpd/*log" 2022-11-29-14:0:0
"/var/log/chrony/*.log" 2022-11-29-14:0:0
"/var/log/wtmp" 2022-11-29-14:0:0
"/var/log/btmp" 2023-4-7-16:10:29
"/var/log/glusterfs/samples/*.samp" 2022-11-29-14:0:0
"/var/log/iscsiuio.log" 2022-11-29-14:0:0
"/var/log/libvirt/libvirtd.log" 2022-11-29-14:0:0
"/var/log/libvirt/qemu/*.log" 2022-11-29-14:0:0
"/var/log/sssd/sssd_kcm.log" 2023-4-7-16:10:29
"/var/log/wpa_supplicant.log" 2022-11-29-14:0:0
"/var/log/glusterfs/bricks/*.log" 2022-11-29-14:0:0
"/var/log/numad.log" 2022-11-29-14:0:0
"/var/log/ppp/connect-errors" 2022-11-29-14:0:0
"/var/log/samba/log.*" 2022-11-29-14:0:0
"/var/account/pacct" 2022-11-29-14:0:0

In some older Linux distributions, this file might be in a different location:

$ cat /var/lib/logrotate.status

Sample output:

logrotate state -- version 2
"/var/log/samba/log.smbd" 2022-5-12-11:0:0
"/var/log/lircd" 2022-6-15-10:0:0
"/var/log/httpd/*log" 2022-5-12-11:0:0
"/var/log/wtmp" 2022-5-6-10:0:0
"/var/log/samba/*.log" 2022-5-12-11:0:0
"/var/log/btmp" 2023-4-1-11:36:53
"/var/log/samba/log.nmbd" 2023-4-1-11:0:0

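Reading the status file by eye does not scale, and a log that silently stopped rotating is easy to miss. The following is an added example, not part of the original article: a shell function that parses the status format shown above and lists entries whose last rotation is older than a given number of days. The function names and the sample data are constructed.

```shell
#!/bin/sh
# Constructed sample in the status-file format shown above
# ("/var/log/my app/app.log" is a hypothetical path with a space in it).
sample_status() {
    cat <<'EOF'
logrotate state -- version 2
"/var/log/httpd/*log" 2022-11-29-14:0:0
"/var/log/boot.log" 2023-4-7-16:10:29
"/var/log/wtmp" 2022-11-29-14:0:0
"/var/log/my app/app.log" 2023-3-1-3:0:0
EOF
}

# stale_rotations TODAY MAX_DAYS   (status file on stdin, TODAY as YYYY-M-D)
# Prints "<age in days> <path>" for entries last rotated more than MAX_DAYS ago.
stale_rotations() {
    awk -v today="$1" -v max="$2" '
    # Julian day number of a Gregorian date; only differences are used.
    function jdn(y, m, d,    a, yy, mm, n) {
        a  = int((14 - m) / 12)
        yy = y + 4800 - a
        mm = m + 12 * a - 3
        n  = d + int((153 * mm + 2) / 5) + 365 * yy
        return n + int(yy / 4) - int(yy / 100) + int(yy / 400) - 32045
    }
    BEGIN { split(today, t, "-"); now = jdn(t[1], t[2], t[3]) }
    !/^"/ { next }                             # header line and anything unexpected
    {
        # The timestamp is the last field; month, day and hour are not zero-padded.
        if (split($NF, s, "-") < 4) next
        path = $0
        sub(/[ \t]+[^ \t]+[ \t]*$/, "", path)  # cut the timestamp
        gsub(/^"|"$/, "", path)                # cut the surrounding quotes
        age = now - jdn(s[1], s[2], s[3])
        if (age > max) printf "%d %s\n", age, path
    }'
}

# Demo on the constructed sample, as if run on 2023-04-10 with a 30-day limit.
sample_status | stale_rotations 2023-4-10 30
```

On a real system, feed it the status file and today's date: sudo cat /var/lib/logrotate/logrotate.status | stale_rotations "$(date +%Y-%m-%d)" 30. An old date is not always a fault, since logrotate only updates an entry when it actually rotates that log.
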
Getting Help

For more details, view logrotate's built-in help by entering the following command:

$ logrotate --help

Also refer to the man page:

$ man logrotate

Conclusion

Logrotate is a simple yet useful log rotation tool that simplifies log management. You don't need to deal with complex configuration and installation steps. Everything is self-explanatory. If you're managing a system that produces a large number of log files, you can rotate the logs periodically using Logrotate on your Linux server.
